Basic, But Important, Questions...

powerkord

New Member
Greetings,

Ive narrowed down my choice of secure deletion program to the latest version of Eraser, CyberScrub Pro, or BCWipe. I thought it might be helpful for the Admin here, who I take it is also the Eraser programmer, to give us his thoughts, as objectively as possible, regarding the relative strengths and weaknesses of his product, vis-a-vis competing products. In my case, it is obviously the two mentioned above Im interested in hearing about, relative to Eraser.

Obviously, if users themselves with relevant and reliable experience or insight into these various products also want to contribute, that would make the thread all the more useful.

I like the fact that Eraser is free, and is part of the free software movement. And, having been around computers more than Id like, I highly value product stability, and excellent, comprehensive documentation, written by persons with a good command of English. The Admin certainly has that, as does the product description information at the Eraser website.

But, it seems that with Eraser, one has to perform two wipes: one from the hard drive, and then a separate floppy-based wipe for the swap files. It is stated that one can get around this by temporarily disabling the Windows swap file (ie virtual memory), but--is this disabling (and then re-enabling) process straightforward, or can it turn to disaster, as can so easily happen with computers?

Many people seem to use and like CyberScrub, and it seems very full-featured. I did find one, or two, people who mentioned glitches; one said the program mistakenly ate part of their OS, mistakenly deleting 13,000 files. The other said when selecting one file for wiping from the right-click menu, the program was poised to delete many more files than that, although its confirm/cancel command allowed the user to stop, and successfully re-select the single file to be wiped. Supposedly, if you go through this start-stop process the program then accepts the proper single file the second time you select it. I dont know if these two complaints were for the latest version; I dont think so.

BCWipe seems like a very well-programmed product. My complaint, though--the same one I had several years ago when I used their free (at that time) shareware version--is that the people writing the product info on their web pages and providing email support dont have a full, proper, and exacting command of English. Given the importance of a full, clear, and nuanced understanding, by the user, of how this kind of product works, Im still somewhat hesitant to commit to this product.

Last, I note that it appears that neither CyberScrub nor BCWipe require a separate, floppy-based wiped to take care of the swap files.

The other basic question I have, and maybe the Admin will be kind enough to educate me, and others, on this, also, is this: exactly when is it necessary to use a drive "scrubber" ala Cybercide, vs. a drive "cleaner" ala CyberScrub, Eraser, or BCWipe?
For example, I get the impression that if you just want to wipe your own:

- files/folders, or
- free-space (up to and including, say, an entire volume or drives worth, providing its just your data and not the OS, itself, you want to wipe)

...then a cleaner is fine. However, if you want to literally wipe an entire drive, *including* the operating system, then you must use a scrubber ala Cybercide. Is this an accurate understanding?

I realize Ive asked a number of questions here, but my choice of secure deletion program is extremely important to me--I want to make it once, and then simply commit to my chosen program, hopefully for many years, if not for life. And I dont doubt that others would be enlightened by this information, also. This is a complex decision.

Accordingly, Good Admin, complete, accurate answers to all questions will be extremely appreciated. Thanks.

Regards,

vincent christopher
 

powerkord

New Member
Greetings,

I neglected to mention in my previous post that I will be using my chosen wiping program on a laptop, in all probability an IBM ThinkPad R31, containing a Hitachi 20GB drive.

Regards,

vincent christopher
 

garrett01

Administrator
Staff member
Hi,
Have read your very extensive question(s) and can say this:

Eraser is the best there is. Copied but never bettered. Has a user base of millions. No secrets, source code is available for review.

Look at
http://www.heidi.ie/stats/countriestop.htm
Note the US Military rank 19

Your question on the swap file: On NT and above there is an OS command to wipe the swap file on shutdown (Single Pass). On Win98 the only way to wipe the swap file is via DOS or to disable and wipe from there.

It is not our policy to comment on competing products. It is up to you to make the final decision.

Command of English is not an indication of ability or product quality.

Some of the products mentioned delete cookies etc. They work as surfing cleaners and may not erase the data in the way eraser does.

Garrett
 

powerkord

New Member
Hi, Garrett,

While you didnt answer all my questions fully (and Im not just referring to those pertaining to competing products), I do appreciate your response.

If you care to answer a bit more fully--purely up to you, of course--that would be great (especially my very basic question about when a scrubber versus cleaner is required); additionally, I remain extremely interested in the insights of other individuals regarding these questions and issues.

Re scrubbers vs. cleaner, just to be more clear: Im using this terminology, which Ive picked up recently in researching this class of products. Scrubbers (like Cybercide by CyberScrub LLC, aka East-Tec), as I understand them, are used to eliminate ALL data on a drive, including the operating system. Cleaners, as I understand them, can have multiple functions, including things like cleaning cookies, etc., but fundamentally (in terms of my purposes), they do secure wipes. However, since scrubbers also do secure wipes, Im wondering when a scrubber should be used, vs. a cleaner. My working impression is that to wipe an entire drive, *including* the operating system, you must use a scrubber; any lesser task, like just wiping files, folders, and/or free space (even very large amounts of free space, like 10, 20, 40 GB, etc), are properly done using a "cleaner," like Eraser or CyberScrub. Im simply looking for confirmation, pro or con, from Garrett or others, that my understanding on this is correct.

On a few other specific points:

Garrett wrote: "Eraser is the best there is."

This is a claim, or assertion. How about a few specifics to support this claim?

Re the military rank of 19--I dont really understand that chart. What is the significance here?

You wrote: "On NT and above there is an OS command to wipe the swap file on shutdown (Single Pass). On Win98 the only way to wipe the swap file is via DOS or to disable and wipe from there."

Im running XP Pro. I presume this is part of "NT and above"? But even so, I can only use that command if I settle for a single-pass wipe? And, is that a built-in OS wipe, or an Eraser wipe?

You wrote: "Command of English is not an indication of ability or product quality."

Maybe. But such command is essential for a *user* to understand specifically how a product operates, and specifically what each function does (read through the BCWipe FAQ at the Jetico web site, and note several points of confusion or ambiguity re specific product operation).

Additionally, I want to add these items to my original post:

- Bad thing about BCWipe--a license is apparently only good for one year, after which you presumably have to pay another $45 (ouch).
- One poster here stated they like Eraser because its the only product to properly implement the DOD spec. Is there really a widespread claim that CyberScrub and BCWipe do not properly implement this spec? How is Eraser implementing it, that these products are not? This goes to my inquiry above, asking for support of the assertion "Eraser is the best there is."

(One last point, made casually: I understand the assertion about not commenting on competing products--many companies say this. But, in the real world of the marketplace, potential buyers ARE specifically comparing products, and companies unwilling to apprise prospective buyers of why they consider their product superior are putting themselves at a practical disadvantage. Finding firsthand comparative product information is *not* easy.)

I await the insight of those willing to share it, regarding the above questions.

Regards,

vincent christopher
HardRockMall.com
 

Scott

Member
Just some comments...

IMO, having source code for a secure-deletion utility is nice, but not nearly as important as for an encryption utility. The reason is that with a secure-deletion utility, you can definitively see whats going on, if you want.

The page file... Overwriting on shut down is a nice touch on WinNT systems, but its not as secure as you might think. What if the page file grows and then shrinks during any particular Windows session--which is what it does by default? Some of the areas on your hard drive(s) where the page file(s) were while Windows was running--but where it no longer existed when Windows was shut down--wont be overwritten. Even if the entire page file is overwritten, it is only done so with a single, simple pass.

The best way to secure your page file is to use BestCrypts "CryptoSwap" feature, which encrypts the entire page file, the whole time Windows is running.

Finally, I simply cannot believe that Eraser has a user base in the multi-millions. Give me a break, please.
 

Scott

Member
quote:One poster here stated they like Eraser because its the only product to properly implement the DOD spec.Who cares? This seems to me a simple-minded criticism. In any decent secure-deletion product (Eraser, BCWipe, etc.), you can define your own wiping methods. Creating and using a method that is exactly equivalent to, as secure, or more secure, than DoD is not difficult.

Anyone who is concerned enough about security to complain about a DoD-method implementation should have used strong encryption in the first place, in conjunction with either the Peter Gutmann overwriting method, or simply a series of random writes (which is at least as good as any stupid DoD specification).

By the way, here is BCWipes implementation of "U.S. DoD 5200.28-STD":

1) 00110101
2) 11001010
3) 10010111
4) 01101000
5) 10101100
6) 01010011
7) Random

Anyone paying attention will notice that it is a different "DoD standard" than the one used in Eraser (DoD 5200.28-STD vs. DoD 5220.22-M).

quote:Bad thing about BCWipe--a license is apparently only good for one year, after which you presumably have to pay another $45 (ouch).I have a license for BestCrypt and BCWipe, and have not seen this policy mentioned anywhere. Where did you hear or read this?

quote:You wrote: "On NT and above there is an OS command to wipe the swap file on shutdown (Single Pass). On Win98 the only way to wipe the swap file is via DOS or to disable and wipe from there."

Im running XP Pro. I presume this is part of "NT and above"? But even so, I can only use that command if I settle for a single-pass wipe? And, is that a built-in OS wipe, or an Eraser wipe?Yes, the option to enable page file overwriting on shut down is inherent to WinXP. Many third-party utilities (such as Eraser) provide an easy way to enable this option, but the best way to enable it is to use Windows itself (this ensures it is done correctly).

Go into "Local Security Settings" (Start > Run > secpol.msc > OK), then navigate to Security Settings > Local Policies > Security Options. Double click the "Shutdown: Clear virtual memory pagefile" entry, select Enabled, and click OK. Your page file will not be cleared for the first time until you reboot.

I am not certain, but I believe that enabling Windows built-in page file overwriting will cause it to be overwritten once with zeroes. In any event, you can be sure that it is not done with optimal security. For one thing, portions of the page file may not be overwritten at all (see my comments above). Again, your best option where the swap file is concerned seems to be to use BestCrypts "CryptoSwap" feature. I have been using this feature for awhile on WinXP, and I have had no stability or performance problems at all.
 

garrett01

Administrator
Staff member
Some points to note:

Eraser does what it says nothing more. You select a file you erase it, you select free space you erase it etc. We dont make any outrageous claims. Other products veil their features in all sorts of fancy sales talk and fear generating literature. There must be thousands of cleaners/erasers etc out there and we do not have the time to compare them all. Perhaps look at the press coverage section on our site and dig out old magazines at the library.

User base of millions:
Suggest you go around and total up all the download sites. The magazine disk covers and even TV/Radio coverage of this product. Remember it is free/donation and most people/companies would die before spending money. The Titanic is proof of the latter :)

Eraser is a volunteer effort and as we get emails night and day. It would be preferable if rather less people used it so we might get more sleep and have more time for food generation activities. Our wallets do not have a vested interest in you choosing eraser.

Swap File:
Encrypting the swap file alone is a waste of time, as at best the encryption will have to be of limited key length to avoid slowing the machine down too much. It will not help with temp files, INFO2 records, or all the other bits strewn around the disk by programs. Your best option would be to encrypt the entire drive.

Drive Encryption:
This has been discussed at length in the newsgroups.

The summation of comment on that and its security:
- Court order/torture etc
- You think your password is secure/unique.
Well join the other 99% who have that illusion.
- You have made a stupid mistake. Too many possibilities to list :)
- The PC is radiating all its data as RF making it a laughable task
to intercept what you are doing on the PC as you read this.

Erasing Scenarios + Comparing other products:

No Defragmenter:
You buy a PC you use it over a few months and store sensitive data on it. Occasionally you use an eraser like product. If you use a free space erase as well you will remove most of your data. Nevertheless, there may be data in the swap file, remnants of filenames in the MFT, bits stored in data files or documents. Remember the Word bug where you found pieces of other documents in other documents. Databases often grow by allocating new chunks of space but the new disk space will not be cleaned until data has been added.


Defragmenter:
Defragmenting will spread your data all over the disk as it is moved about to be defragmented. If you erase the file afterward, you may still have bits on the drive. Free space erase will have the same problems as above but is even more important to run.

Backup systems:
All those tapes. Only way there is to degauss.

Erasure method:
To MOD or not to MOD! For modern drives, 35 passes etc are often unnecessary as the magnetic media is much thinner.

Finally: Cost/Importance
If the data is vital then any expense may be worth it, even eraser may not save you here. RAM chips can have memory of last settings after the machine is powered off.

Garrett
 

Scott

Member
Youre scaring me a bit here. Reading your post, I was reminded of the first time I read the "Evidence Eliminator" web page. Not a good thing. Radio frequency emissions are trivial to intercept and glean information from? Show me one legitimate paper on the subject and Ill go along with you on this.

BestCrypts swap file encryption: It offers the choice of Rijndael, Towfish, or GOST with a 256-bit key, and Blowfish with a 448-bit key. Thats more than enough. And if you have enough memory, the performance impact is nil.

Of course swap file encryption doesnt cover the Recycle Bin and so forth, but thats beside the point! Swap file encryption closes one security hole, and for a good reason: The swap file tends to be a very intractable security hole, because they cannot reliably be overwritten under normal circumstances.

Telling me it is "a waste of time" to encrypt the swap file is like saying its not worthwhile to use an air bag when you drive, because it wont protect you from an idiot who rear ends you.
 

nodrick

New Member
My this is fascinating stuff!Just as a side note Vince,there is(well I got a copy!) still a free version of BC Wipe at:
http://www.pt.lu/comnet/files/utils/bcwipe228.exe
I know it has since been upgraded,but to my inexpert eye,does not seem too different from the current version.I make no comment about BC Wipes method of swap file erasing!
 

pcprivacytech

New Member
I think Garrett is right on most everything he posts here. However, if his expressions of doubt regarding encryption are truly held - he is wrong. No, there is no such thing as an "unbreakable passphrase." However, utilizing strong encryption with a strong bit-length and (the key here to defeat the weakest link) A GOOD PASSPHRASE, and for all practical purposes it is, indeed, unbreakable. It would be simply too expensive to go to the task of cracking strong encryption when deployed correctly.

In the United States, there are many hard drives sitting in police departments and at the FBI that have encrypted partitions or containers that simply cannot be cracked. In the U.S. the 5th amendment to our constitution protects users from having to "cough up" the passphrase. It is the right against self-incrimination.

As for the whole RF thing - its rarely used and becoming an outmoded option with more and more computer users using laptops or flat panel LCD screens.

Garrett is on target when it comes to Eraser. As for cryptography, he might want to leave that to those of us that work with it daily for a paycheck. STRONG encryption (no proprietary or "secret" algorithms) and the knowledge of the end-user to deploy the crypto program correctly will secure anything for many years to come. Newsgroups, by the way, are bastions of misinformation when it comes to cryptography. One popular one in particular (alt.security.scramdisk which actually deals with about anything) is one of the worst for disinfo. Its awful. There is a lot of inside politics there with programmer and past associates, etc. By the way, I think Drivecrypt and Bestcrypt are the two best OTFE products available for the general consumer. I have read of problems with Drivecrypt someplace on this forum and was surprised. If you are using 3.03b there should be no problems at all. Bestcrypt (from Jetico - the same people who gave us BCWipe) is also very good and has stood the test of time.

If you want to keep your secrets yours -- and yours alone: ENCRYPTION.
 

Scott

Member
quote:Originally posted by pcprivacytech
I have read of problems with Drivecrypt someplace on this forum and was surprised. If you are using 3.03b there should be no problems at all.What can I say? I was working with a clean install of Windows XP SP-1, and DriveCrypt 3.03b worked terribly. I didnt get the typical blue-screen crashes that every other version of DriveCrypt treated me to, but I had system freezes whenever I dismounted a volume. And I corresponded with two other people who had serious issues with DriveCrypt 3.03b as well. BestCrypt 7.08, OTOH, has been wonderful (well, Ive found a few bugs in BCWipe, but nothing as bad as with DriveCrypt).
 

garrett01

Administrator
Staff member
I think you misunderstood what I said about passphrases being weak.

The entire game of encryption is more about incompetence than technology.

We all have our passwords and our predicatbility is shocking.
You may have a GOOD PASSPHRASE but perhaps you used it in some weak application eg a document or a ZIP file. A good detective will research all these possibilities. Crack something small first and you will be amazed.

>>In the United States, there are many hard drives sitting in police >>departments and at the FBI that have encrypted partitions or >>containers that simply cannot be cracked. In the U.S. the 5th
Very true. This is a factor of time and money. I am sure if
it had Bin Ladens CV on it the problem would diminish rapidly.

>>"Cough up" the passphrase. It is the right against self->>incrimination.
Try that with no sleep...

>>As for the whole RF thing - its rarely used and becoming an
To be replaced by wireless modems etc all generating vast amounts of RF. Even my laptop here is radiating. If it radiates, it can be intercepted and if it has some info in it, it has worth.

>>As for cryptography, he might want to leave that to those of us >>that work with it daily for a paycheck.
Would you like to help beta test our next product? Its a mail/web/news/ftp server with SSL/TLS built-in.

>>STRONG encryption (no proprietary or "secret" algorithms) and the >>knowledge of the end-user to deploy the crypto program correctly >>will secure anything for many years to come.
This is true provided you have followed a good protocol see comments above..

>>Newsgroups, by the way, are bastions of misinformation when it
Very, very true.

Garrett
 
Top